Why not start out reading a book on hacking, like Hacking for Dummies, Hacking Exposed, any Kevin Mitnick book? This could give you an overview of the fundamentals of hacking, and the Mitnick books have good stories, and history on hacking.

I also agree with you about basic Linux knowledge. But, I would not start right off with a hacking distribution, I would get to know the basics. Start with something like Ubuntu. Learn how to use the terminal, install programs, etc.

Since you are already in IT... If you don't already know, I would suggest learning about the TCP/IP protocol, and learn the differences between a hubbed network and a switched network.

There are a lot of aspects to learn about, but those are good to start with.

Last edited by eth3real on Wed Mar 05, 2008 1:18 pm, edited 1 time in total.

I'm completing my MCSA at the moment for my position here and theN i'm going to go into CCNA training, get some switches/routers and set up a virtual network. In the meantime, work with linux at home and get a handle on the OS and go from there I think.

lol, I've got a lot of that on the list.... Working on the distro basics and washboard abs atm....

The coding part is what scares me... I took a weed out java class in college and I think that scarred me for life regarding programming... I've been thinking of picking up C Primer Plus and working through that...

Oh if I only had 40 hour days it would be so much easier to go through everything I want to learn.

As far as programming goes, you should really just learn scripting for now. Not even writing scripts, yet, but just be able to read a bash script, VBScript, etc. and have a general idea of what it does.

Later, it will become very useful to be able to write scripts, and programs, or at least be able to modify source code.

as far as programming. if you are new, start incorporating it into your learning plan NOW, if you stick with this field and you cant code or script you will hit a point where you cant put your ideas into code (or not easily) and that just sux

It seems like the one guy on that post was more of a fan of tools than actual knowledge. Being new and having sat through various exams, I agree that you need knowledge of TCP/IP and how it works. Any one can run a tool and get a shell. Even I have done that. And I got a thrill from that. I also recognize that I still have a lot to learn. That being said, I also think that you need to understand the output a tool gives you. Thanks for posting that thread.

Only thing I'd add to the list is that before you get any of the things previously listed you need one thing, patience.

From my experience it take a lot of time and a lot more work to be an 'ethical hacker'. I've been around IT and security for a while and don't come close to what I'd class as a hacker (leaving the holy-wars out of it ) but I'm learning fast, have the ethical part and I'm still here wanting to improve.

As others have said learning the basics first helps (TCP/IP etc.) but don't expect to learn everything instantly. Most importantly though if you want to remain interested in the field for the long game, ignore all the advice here and study whatever makes you go 'ooooh, hows that work?' be it IDS, shellcode, scanning, etc. I found this has helped keep up motivation to learn through the 'do I really need this?' moments.

If you dive in wherever you're most motivated you'll find the basics come through time as and when you need them. (at least I'm finding that).

Good luck, and don't be afraid to ask the questions when necessary (just ask google first )

The Penetration field is quite deep and wide, you can specialize in Windows pentesting, or databases, or web application security, what ever floats your boat. if you are very comfertable with Windows and know how to secure it well and have read the hacking exposed books or similar and would like to know more about Linux I would reccomend that you check the Linux documentaion project, and howtos, try to setup a server and secure it, and pen test it, scripting in Linux/Unix world is a must to understand the start/stop scripts, and to automate most of your work, In brief use what you already got, and develop yourself in the areas you enjoy most